I fixed the second like to be a link to the CRL and not to the CA.
It happily loads ${hash}.r0, it does not touch ${hash}.0, but it still

As you have explicitly configured you CA cert it does not need to look via hash.
It propably would when encountering a cert signed by a different CA than
the one you configured but I am not that 100% on the actual logic.